CVE-2024-34691

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-34691
Manage Incoming Payment Files (F1680) of SAP S/4HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. As a result, it has high impact on integrity and no impact on the confidentiality and availability of the system.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://me.sap.com/notes/3466175 Permissions Required
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sap:s\/4_hana:103:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4_hana:104:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4_hana:105:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4_hana:106:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4_hana:107:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4_hana:108:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4_hana:s4core_102:*:*:*:*:*:*:*
History

16 Aug 2024, 18:08

Type Values Removed Values Added
References () https://me.sap.com/notes/3466175 - () https://me.sap.com/notes/3466175 - Permissions Required
References () https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html - () https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html - Patch, Vendor Advisory
First Time Sap s\/4 Hana
Sap
CPE cpe:2.3:a:sap:s\/4_hana:104:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4_hana:108:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4_hana:s4core_102:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4_hana:106:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4_hana:103:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4_hana:105:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4_hana:107:*:*:*:*:*:*:*

11 Jun 2024, 13:54

Type Values Removed Values Added
Summary
  • (es) Administrar archivos de pagos entrantes (F1680) de SAP S/4HANA no realiza las verificaciones de autorización necesarias para un usuario autenticado, lo que resulta en una escalada de privilegios. Como resultado, tiene un alto impacto en la integridad y ningún impacto en la confidencialidad y disponibilidad del sistema.

11 Jun 2024, 03:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-06-11 03:15

Updated : 2024-08-16 18:08

NVD link : CVE-2024-34691

Mitre link : CVE-2024-34691

CVE.ORG link : CVE-2024-34691

JSON object : View

Products Affected

sap

  • s\/4_hana
CWE
CWE-862

Missing Authorization